SSH / permissions problem

Gary Stainburn gary.stainburn at ringways.co.uk
Wed Jul 14 08:48:27 UTC 2010


On Tuesday 13 July 2010 18:37:21 Phil Meyer wrote:
> When you copy over a .ssh directory, there are at least two things to
> consider:
>
> 1. permissions.
>      $ scp -rp .ssh <target_host>:
>
> 2. do you really want your private key on the target system?  Probably
> all you wanted was to be able to login with ssh key authentication.  To
> do that, you should run:
>     $ ssh-copy-id <target_host>:
>
> If you allow your private key to reside on other systems, then that key
> can be used against you quite easily.  If only the public key is exposed
> in authorized_keys, your account is as secure as it can be.
>
> Rule of thumb is: never expose a private key on a host with direct
> internet access, like a web server.  Use only one private key on your
> desktop, and use ssh-copy-id to set up public keys for any remote ssh
> access.
>
> If you want access to those servers from another system, like a laptop,
> generate a new private key on the laptop and use ssh-copy-id again to
> enable ssh access to the other systems.
>
> Good Luck!

Hi Phil,

I copied the server as I did because I want to new f13 virtual server to 
completely replace the old F8 physical server - hence the 1-for-1 copy.

None of these machines are visible to the internet either so I don't have that 
risk to worry about. Having said that, I will read further into your 
suggestions.

Gary

-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     


More information about the users mailing list